Use the Access Control List (ACL) to control who can access your app's functionality.
The ACL records who has permission to execute an action in an Aragon app and who can re-grant or revoke that permission.
In general, an Entity can hold the permission to call a function protected by a Role in an App, and that permission is managed by a Manager, who can revoke or re-grant it.
Now let's say we have these 3 apps:
- A Token Manager app, which represents BOB token holders and forwards all their intents to another app
- A Voting app, which executes any arbitrary action after a vote of BOB token holders passes
- A Finance app, which controls the funds of the organization
With the simple mapping in the table above, we have done the following:
- Given permission to BOB token holders, using the Token Manager, to open votes in the Voting app
- Given permission to the Voting app to withdraw funds from the Finance app
We have achieved a fully democratic way of withdrawing funds in Ethereum!
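
The Entity / App / Role / Manager relationship and the two grants described above can be modelled in a few lines. This is an added illustration, not Aragon's own code: the `ACL` class, the role labels `OPEN_VOTE` and `WITHDRAW`, and the choice of the Voting app as Manager of both roles are assumptions made for the example.

```python
class ACL:
    """Toy model: (entity, app, role) grants plus one manager per (app, role)."""

    def __init__(self):
        self.grants = set()    # {(entity, app, role)}
        self.managers = {}     # {(app, role): manager}

    def create_permission(self, entity, app, role, manager):
        # The first grant for a role also fixes who manages that role.
        if (app, role) in self.managers:
            raise PermissionError("role already has a manager")
        self.managers[(app, role)] = manager
        self.grants.add((entity, app, role))

    def _require_manager(self, sender, app, role):
        if self.managers.get((app, role)) != sender:
            raise PermissionError(f"{sender} does not manage {role} on {app}")

    def grant(self, sender, entity, app, role):
        self._require_manager(sender, app, role)
        self.grants.add((entity, app, role))

    def revoke(self, sender, entity, app, role):
        self._require_manager(sender, app, role)
        self.grants.discard((entity, app, role))

    def has_permission(self, entity, app, role):
        # Default deny: anything not explicitly granted is refused.
        return (entity, app, role) in self.grants


def build_example_acl():
    acl = ACL()
    # Constructed mapping; role labels and the Voting manager are assumptions.
    acl.create_permission("TokenManager", "Voting", "OPEN_VOTE", manager="Voting")
    acl.create_permission("Voting", "Finance", "WITHDRAW", manager="Voting")
    return acl


def can_withdraw_via(acl, path):
    """Check every hop of a call chain, e.g. TokenManager -> Voting -> Finance."""
    roles = {"Voting": "OPEN_VOTE", "Finance": "WITHDRAW"}
    return all(acl.has_permission(caller, app, roles[app])
               for caller, app in zip(path, path[1:]))
```

Because the model denies by default, the only chain that reaches Finance is the one that passes through a vote, and only the Manager can change that.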